From 3e2a5e7ee80e32feab1bdce30c7fd9bf9bd2569a Mon Sep 17 00:00:00 2001
From: Koichi Ogura <12413803+number09@users.noreply.github.com>
Date: Thu, 16 Jul 2020 17:13:12 +0900
Subject: [PATCH] fix #3133 Cognito Identity Provider : create_user_pool_client `GenerateSecret=True` doesn't work (#3135)
* fix #3133 Cognito Identity Provider : create_user_pool_client `GenerateSecret=True` doesn't work
* add test for update_user_pool_client
---
 moto/cognitoidp/models.py | 11 +++--
 moto/cognitoidp/responses.py | 3 +-
 tests/test_cognitoidp/test_cognitoidp.py | 54 ++++++++++++++++++++++++
 3 files changed, 64 insertions(+), 4 deletions(-)
diff --git a/moto/cognitoidp/models.py b/moto/cognitoidp/models.py
index 4b4e0a8b1..c93563c2a 100644
--- a/moto/cognitoidp/models.py
+++ b/moto/cognitoidp/models.py
@@ -210,10 +210,11 @@ class CognitoIdpUserPoolDomain(BaseModel):
 class CognitoIdpUserPoolClient(BaseModel):
- def __init__(self, user_pool_id, extended_config):
+ def __init__(self, user_pool_id, generate_secret, extended_config):
 self.user_pool_id = user_pool_id
 self.id = str(uuid.uuid4())
 self.secret = str(uuid.uuid4())
+ self.generate_secret = generate_secret or False
 self.extended_config = extended_config or {}
 def _base_json(self):
@@ -225,6 +226,8 @@ class CognitoIdpUserPoolClient(BaseModel):
 def to_json(self, extended=False):
 user_pool_client_json = self._base_json()
+ if self.generate_secret:
+ user_pool_client_json.update({"ClientSecret": self.secret})
 if extended:
 user_pool_client_json.update(self.extended_config)
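Review bot: `self.secret = str(uuid.uuid4())` in `CognitoIdpUserPoolClient.__init__` still runs for every client, so a client created without `GenerateSecret` carries a secret that only `to_json` hides. Any code that reads `self.secret` directly (none is visible in this diff) would treat a public client as having one. Consider `self.secret = str(uuid.uuid4()) if generate_secret else None`, provided no other reader depends on the value always being set. Storing `bool(generate_secret)` instead of `generate_secret or False` would also keep the attribute a real boolean. The class body continues outside the hunk.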
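Review bot: `ClientSecret` is added before the `if extended:` check in `to_json`, so the non-extended form also carries the secret. If `to_json()` without `extended=True` backs the client listing (that caller is not visible here), every listed client would expose its secret, whereas Cognito's list response describes a client only by `ClientId`, `UserPoolId` and `ClientName`. Nesting the check keeps the secret on the full representation only: `if extended:` followed by `if self.generate_secret: user_pool_client_json["ClientSecret"] = self.secret`. `to_json` continues past the end of the hunk.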
@@ -402,12 +405,14 @@ class CognitoIdpBackend(BaseBackend):
 return user_pool_domain
 # User pool client
- def create_user_pool_client(self, user_pool_id, extended_config):
+ def create_user_pool_client(self, user_pool_id, generate_secret, extended_config):
 user_pool = self.user_pools.get(user_pool_id)
 if not user_pool:
 raise ResourceNotFoundError(user_pool_id)
- user_pool_client = CognitoIdpUserPoolClient(user_pool_id, extended_config)
+ user_pool_client = CognitoIdpUserPoolClient(
+ user_pool_id, generate_secret, extended_config
+ )
 user_pool.clients[user_pool_client.id] = user_pool_client
 return user_pool_client
diff --git a/moto/cognitoidp/responses.py b/moto/cognitoidp/responses.py
index 6c89c4806..1c945b23e 100644
--- a/moto/cognitoidp/responses.py
+++ b/moto/cognitoidp/responses.py
@@ -84,8 +84,9 @@ class CognitoIdpResponse(BaseResponse):
 # User pool client
 def create_user_pool_client(self):
 user_pool_id = self.parameters.pop("UserPoolId")
+ generate_secret = self.parameters.pop("GenerateSecret", False)
 user_pool_client = cognitoidp_backends[self.region].create_user_pool_client(
- user_pool_id, self.parameters
+ user_pool_id, generate_secret, self.parameters
 )
 return json.dumps({"UserPoolClient": user_pool_client.to_json(extended=True)})
diff --git a/tests/test_cognitoidp/test_cognitoidp.py b/tests/test_cognitoidp/test_cognitoidp.py
index 1bd258c6b..d76587d1b 100644
--- a/tests/test_cognitoidp/test_cognitoidp.py
+++ b/tests/test_cognitoidp/test_cognitoidp.py
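Review bot: The added `self.parameters.pop("GenerateSecret", False)` in `CognitoIdpResponse.create_user_pool_client` has no comment saying that the pop is deliberate. The remaining `self.parameters` dict is passed on as `extended_config`, which `to_json(extended=True)` merges back into the response, so switching to `.get()` in a later refactor would echo the request-only flag to the caller. A one-line comment above the pop would record this: `# GenerateSecret is request-only; pop it so it is not stored in extended_config`.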
@@ -213,6 +213,29 @@ def test_create_user_pool_client():
 result["UserPoolClient"]["UserPoolId"].should.equal(user_pool_id)
 result["UserPoolClient"]["ClientId"].should_not.be.none
 result["UserPoolClient"]["ClientName"].should.equal(client_name)
+ result["UserPoolClient"].should_not.have.key("ClientSecret")
+ result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
+ result["UserPoolClient"]["CallbackURLs"][0].should.equal(value)
+
+
+@mock_cognitoidp
+def test_create_user_pool_client_returns_secret():
+ conn = boto3.client("cognito-idp", "us-west-2")
+
+ client_name = str(uuid.uuid4())
+ value = str(uuid.uuid4())
+ user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
+ result = conn.create_user_pool_client(
+ UserPoolId=user_pool_id,
+ ClientName=client_name,
+ GenerateSecret=True,
+ CallbackURLs=[value],
+ )
+
+ result["UserPoolClient"]["UserPoolId"].should.equal(user_pool_id)
+ result["UserPoolClient"]["ClientId"].should_not.be.none
+ result["UserPoolClient"]["ClientName"].should.equal(client_name)
+ result["UserPoolClient"]["ClientSecret"].should_not.be.none
 result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
 result["UserPoolClient"]["CallbackURLs"][0].should.equal(value)
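Review bot: The `ClientSecret` assertions added here only inspect the `create_user_pool_client` response, so the read paths that serialize the same client are not pinned. In `test_create_user_pool_client_returns_secret`, a follow-up check that the listing omits the secret would catch it leaking through the non-extended serialization: `conn.list_user_pool_clients(UserPoolId=user_pool_id, MaxResults=10)["UserPoolClients"][0].should_not.have.key("ClientSecret")`. An equality check against `describe_user_pool_client` would likewise confirm the secret is stable after creation. `test_create_user_pool_client` begins outside the hunk.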
@@ -331,6 +354,37 @@ def test_update_user_pool_client():
 )
 result["UserPoolClient"]["ClientName"].should.equal(new_client_name)
+ result["UserPoolClient"].should_not.have.key("ClientSecret")
+ result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
+ result["UserPoolClient"]["CallbackURLs"][0].should.equal(new_value)
+
+
+@mock_cognitoidp
+def test_update_user_pool_client_returns_secret():
+ conn = boto3.client("cognito-idp", "us-west-2")
+
+ old_client_name = str(uuid.uuid4())
+ new_client_name = str(uuid.uuid4())
+ old_value = str(uuid.uuid4())
+ new_value = str(uuid.uuid4())
+ user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
+ client_details = conn.create_user_pool_client(
+ UserPoolId=user_pool_id,
+ ClientName=old_client_name,
+ GenerateSecret=True,
+ CallbackURLs=[old_value],
+ )
+ client_secret = client_details["UserPoolClient"]["ClientSecret"]
+
+ result = conn.update_user_pool_client(
+ UserPoolId=user_pool_id,
+ ClientId=client_details["UserPoolClient"]["ClientId"],
+ ClientName=new_client_name,
+ CallbackURLs=[new_value],
+ )
+
+ result["UserPoolClient"]["ClientName"].should.equal(new_client_name)
+ result["UserPoolClient"]["ClientSecret"].should.equal(client_secret)
 result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
 result["UserPoolClient"]["CallbackURLs"][0].should.equal(new_value)